auth0.ap1.stg.scalar.zf.com Open in urlscan Pro
2606:4700::6810:a016 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://mf-react-pki-certificate-service.ap1.stg.scalar.zf.com/
Effective URL:
https://auth0.ap1.stg.scalar.zf.com/login?state=hKFo2SBlVWZNcjNpR3BlNGgzcDdWb2ZhcktnUjlPa2VLWEhMM6FupWxvZ2luo3RpZNkgZzlPWnhIT2tRSnFD...
Submission: On May 21 via automatic, source certstream-suspicious (May 21st 2024, 1:52:59 am UTC) — Scanned from DE

Summary HTTP 24 Redirects Behaviour Indicators

Summary

This website contacted 6 IPs in 1 countries across 3 domains to perform 24 HTTP transactions. The main IP is 2606:4700::6810:a016, located in United States and belongs to CLOUDFLARENET, US. The main domain is auth0.ap1.stg.scalar.zf.com.
TLS certificate: Issued by E1 on April 17th 2024. Valid for: 3 months.

This is the only time auth0.ap1.stg.scalar.zf.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2	18.239.36.79 18.239.36.79	16509 (AMAZON-02) (AMAZON-02)
16	2a04:4e42:600... 2a04:4e42:600::485	54113 (FASTLY) (FASTLY)
1 2	2606:4700::68... 2606:4700::6810:a016	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2600:9000:244... 2600:9000:2449:e200:10:474e:104a:2961	16509 (AMAZON-02) (AMAZON-02)
1	18.238.243.28 18.238.243.28	16509 (AMAZON-02) (AMAZON-02)
24	6

2 18.239.36.79 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-239-36-79.ams58.r.cloudfront.net

mf-react-pki-certificate-service.ap1.stg.scalar.zf.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 2a04:4e42:600::485 (United States)

ASN54113 (FASTLY, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6810:a016 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

auth0.ap1.stg.scalar.zf.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:2449:e200:10:474e:104a:2961 (United States)

ASN16509 (AMAZON-02, US)

cdn.auth0.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.238.243.28 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-238-243-28.ams58.r.cloudfront.net

app-react-login.ap1.stg.scalar.zf.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
16	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 310	83 KB
5	zf.com 1 redirects mf-react-pki-certificate-service.ap1.stg.scalar.zf.com auth0.ap1.stg.scalar.zf.com app-react-login.ap1.stg.scalar.zf.com	743 KB
2	auth0.com cdn.auth0.com — Cisco Umbrella Rank: 6742	43 KB
24	3

	Domain	Requested by
16	cdn.jsdelivr.net	mf-react-pki-certificate-service.ap1.stg.scalar.zf.com cdn.jsdelivr.net app-react-login.ap1.stg.scalar.zf.com
2	cdn.auth0.com	auth0.ap1.stg.scalar.zf.com
2	auth0.ap1.stg.scalar.zf.com	1 redirects mf-react-pki-certificate-service.ap1.stg.scalar.zf.com
2	mf-react-pki-certificate-service.ap1.stg.scalar.zf.com	cdn.jsdelivr.net
1	app-react-login.ap1.stg.scalar.zf.com	auth0.ap1.stg.scalar.zf.com cdn.jsdelivr.net
24	5

This site contains no links.

Subject Issuer	Validity	Valid
mf-react-pki-certificate-service.ap1.stg.scalar.zf.com Amazon RSA 2048 M02	`2024-05-20` - `2025-06-18`	a year	crt.sh
jsdelivr.net GlobalSign Atlas R3 DV TLS CA 2023 Q3	`2023-09-27` - `2024-10-28`	a year	crt.sh
auth0.ap1.stg.scalar.zf.com E1	`2024-04-17` - `2024-07-16`	3 months	crt.sh
*.auth0.com Amazon RSA 2048 M03	`2024-01-25` - `2025-02-22`	a year	crt.sh
app-react-login.ap1.stg.scalar.zf.com Amazon RSA 2048 M03	`2023-09-13` - `2024-10-12`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://auth0.ap1.stg.scalar.zf.com/login?state=hKFo2SBlVWZNcjNpR3BlNGgzcDdWb2ZhcktnUjlPa2VLWEhMM6FupWxvZ2luo3RpZNkgZzlPWnhIT2tRSnFDT0RJTXJGZEtheWZ1NUIydGlyQVOjY2lk2SAxQ1RuRWp2b1lSQ3ZUYXJyemhXMFJPTzB4V01zVG84SQ&client=1CTnEjvoYRCvTarrzhW0ROO0xWMsTo8I&protocol=oauth2&audience=UM&scope=openid%20profile%20email%20offline_access&redirect_uri=https%3A%2F%2Fmf-react-pki-certificate-service.ap1.stg.scalar.zf.com%2Fcallback&response_type=code&response_mode=query&nonce=Z292LnRyTjFDSE10eFR1Mk9ET2dodTlNVTliSzlZa0NIaFZRUks3a0VyMQ%3D%3D&code_challenge=p5n2hpMAv65Wr98T3XQtuf3VQwe5Niw6IJ9U2F6kSLY&code_challenge_method=S256&auth0Client=eyJuYW1lIjoiYXV0aDAtcmVhY3QiLCJ2ZXJzaW9uIjoiMS4xMi4xIn0%3D
Frame ID: 2F718DEEECB8ACD7761FC1728A15C72E
Requests: 14 HTTP requests in this frame

Frame: https://app-react-login.ap1.stg.scalar.zf.com/
Frame ID: 44076C523FC653D0A08409DE3FD5A5B0
Requests: 10 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Login

Page URL History Show full URLs

https://mf-react-pki-certificate-service.ap1.stg.scalar.zf.com/ Page URL
https://auth0.ap1.stg.scalar.zf.com/authorize?audience=UM&scope=openid%20profile%20email%20offline_access&client... HTTP 302
https://auth0.ap1.stg.scalar.zf.com/login?state=hKFo2SBlVWZNcjNpR3BlNGgzcDdWb2ZhcktnUjlPa2VLWEhMM6FupWxvZ2luo3Rp... Page URL

Detected technologies

Auth0 (Miscellaneous) Expand

Overall confidence: 100%
Detected patterns

/auth0(?:-js)?/([\d.]+)/auth0(?:.min)?\.js

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

//cdn\.jsdelivr\.net/

Page Statistics

24
Requests

92 %
HTTPS

60 %
IPv6

3
Domains

5
Subdomains

6
IPs

1
Countries

868 kB
Transfer

3529 kB
Size

5
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://mf-react-pki-certificate-service.ap1.stg.scalar.zf.com/ Page URL
https://auth0.ap1.stg.scalar.zf.com/authorize?audience=UM&scope=openid%20profile%20email%20offline_access&client_id=1CTnEjvoYRCvTarrzhW0ROO0xWMsTo8I&redirect_uri=https%3A%2F%2Fmf-react-pki-certificate-service.ap1.stg.scalar.zf.com%2Fcallback&response_type=code&response_mode=query&state=WXd1UlVOQmFSblVlNXppSzRMZFV0d1VkWnJ2TFRWfk1wOGZ2ZG9vQnFFMw%3D%3D&nonce=Z292LnRyTjFDSE10eFR1Mk9ET2dodTlNVTliSzlZa0NIaFZRUks3a0VyMQ%3D%3D&code_challenge=p5n2hpMAv65Wr98T3XQtuf3VQwe5Niw6IJ9U2F6kSLY&code_challenge_method=S256&auth0Client=eyJuYW1lIjoiYXV0aDAtcmVhY3QiLCJ2ZXJzaW9uIjoiMS4xMi4xIn0%3D HTTP 302
https://auth0.ap1.stg.scalar.zf.com/login?state=hKFo2SBlVWZNcjNpR3BlNGgzcDdWb2ZhcktnUjlPa2VLWEhMM6FupWxvZ2luo3RpZNkgZzlPWnhIT2tRSnFDT0RJTXJGZEtheWZ1NUIydGlyQVOjY2lk2SAxQ1RuRWp2b1lSQ3ZUYXJyemhXMFJPTzB4V01zVG84SQ&client=1CTnEjvoYRCvTarrzhW0ROO0xWMsTo8I&protocol=oauth2&audience=UM&scope=openid%20profile%20email%20offline_access&redirect_uri=https%3A%2F%2Fmf-react-pki-certificate-service.ap1.stg.scalar.zf.com%2Fcallback&response_type=code&response_mode=query&nonce=Z292LnRyTjFDSE10eFR1Mk9ET2dodTlNVTliSzlZa0NIaFZRUks3a0VyMQ%3D%3D&code_challenge=p5n2hpMAv65Wr98T3XQtuf3VQwe5Niw6IJ9U2F6kSLY&code_challenge_method=S256&auth0Client=eyJuYW1lIjoiYXV0aDAtcmVhY3QiLCJ2ZXJzaW9uIjoiMS4xMi4xIn0%3D Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

24 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 / Show response
mf-react-pki-certificate-service.ap1.stg.scalar.zf.com/ 3 KB
2 KB 85ms
39ms Document
text/html 18.239.36.79
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://mf-react-pki-certificate-service.ap1.stg.scalar.zf.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.239.36.79 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-239-36-79.ams58.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

74ad1cc7a810b6e2dcbcd201215251ef2dd57a7ab8bc95c1f108bbae608ed521

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .scalar.zf.com .walkme.com .auth0.com; frame-src https: blob: .zf.com; default-src 'self' .jsdelivr.net .cdn.walkme.com .zf.com; img-src 'self' data: blob: https: .walkmeusercontent.com; script-src 'self' https: 'wasm-unsafe-eval' 'unsafe-eval' .jsdelivr.net 'unsafe-inline' .zf.com .walkme.com .mapbox.com; style-src 'self' 'unsafe-inline' *.walkme.com https:; object-src 'none'; font-src 'self' https: data:; connect-src wss: https: data:; worker-src 'self' blob:
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

age: 30630
cache-control: no-cache
content-encoding: gzip
content-security-policy: frame-ancestors *.scalar.zf.com *.walkme.com *.auth0.com; frame-src https: blob: *.zf.com; default-src 'self' *.jsdelivr.net *.cdn.walkme.com *.zf.com; img-src 'self' data: blob: https: *.walkmeusercontent.com; script-src 'self' https: 'wasm-unsafe-eval' 'unsafe-eval' *.jsdelivr.net 'unsafe-inline' *.zf.com *.walkme.com *.mapbox.com; style-src 'self' 'unsafe-inline' *.walkme.com https:; object-src 'none'; font-src 'self' https: data:; connect-src wss: https: data:; worker-src 'self' blob:
content-type: text/html
date: Mon, 20 May 2024 17:22:25 GMT
etag: W/"802eb04520b21e73e3e9e5687662f5c6"
last-modified: Mon, 20 May 2024 13:27:45 GMT
referrer-policy: strict-origin-when-cross-origin
server: AmazonS3
strict-transport-security: max-age=63072000; includeSubDomains; preload
vary: Accept-Encoding
via: 1.1 0df834b214e5d5be3767a579b1941edc.cloudfront.net (CloudFront)
x-amz-cf-id: iywD-n4PzbcdOjr4u6PmQ3bCXrXWAglcv8pI-9MsjDiQ9ehgxdCQGQ==
x-amz-cf-pop: AMS58-P2
x-amz-server-side-encryption: AES256
x-amz-version-id: null
x-cache: Hit from cloudfront
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H2 200 runtime.min.js Show response
cdn.jsdelivr.net/npm/regenerator-runtime@0.13.9/ 7 KB
3 KB 30ms
9ms Script
application/javascript 2a04:4e42:600::485
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/regenerator-runtime@0.13.9/runtime.min.js

Requested by

Host: mf-react-pki-certificate-service.ap1.stg.scalar.zf.com
URL: https://mf-react-pki-certificate-service.ap1.stg.scalar.zf.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:600::485 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

77d19549a305065ee52b2d568eba337536662830e5dd139a3968e2d0bc52c744

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://mf-react-pki-certificate-service.ap1.stg.scalar.zf.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 21 May 2024 01:52:54 GMT
x-content-type-options: nosniff
content-encoding: br
age: 1114652
x-jsd-version: 0.13.9
x-cache: HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 2754
x-served-by: cache-fra-eddf8230135-FRA
x-jsd-version-type: version
etag: W/"1ae4-Na/OzxhfKa/jJwFIAaPghVpVc6A"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 react.production.min.js Show response
cdn.jsdelivr.net/npm/react@18.2.0/umd/ 10 KB
5 KB 28ms
7ms Script
application/javascript 2a04:4e42:600::485
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/react@18.2.0/umd/react.production.min.js

Requested by

Host: mf-react-pki-certificate-service.ap1.stg.scalar.zf.com
URL: https://mf-react-pki-certificate-service.ap1.stg.scalar.zf.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:600::485 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

4b4969fa4ef3594324da2c6d78ce8766fbbc2fd121fff395aedf997db0a99a06

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://mf-react-pki-certificate-service.ap1.stg.scalar.zf.com/
Origin: https://mf-react-pki-certificate-service.ap1.stg.scalar.zf.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 21 May 2024 01:52:54 GMT
x-content-type-options: nosniff
content-encoding: br
age: 2415082
x-jsd-version: 18.2.0
x-cache: HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 4465
x-served-by: cache-fra-eddf8230151-FRA
x-jsd-version-type: version
etag: W/"29f1-mAiaM9DPL6Sz4bqbfuubi6Csgqc"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 react-dom.production.min.js Show response
cdn.jsdelivr.net/npm/react-dom@18.2.0/umd/ 129 KB
44 KB 28ms
7ms Script
application/javascript 2a04:4e42:600::485
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/react-dom@18.2.0/umd/react-dom.production.min.js

Requested by

Host: mf-react-pki-certificate-service.ap1.stg.scalar.zf.com
URL: https://mf-react-pki-certificate-service.ap1.stg.scalar.zf.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:600::485 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

21758ed084cd0e37e735722ee4f3957ea960628a29dfa6c3ce1a1d47a2d6e4f7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://mf-react-pki-certificate-service.ap1.stg.scalar.zf.com/
Origin: https://mf-react-pki-certificate-service.ap1.stg.scalar.zf.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 21 May 2024 01:52:54 GMT
x-content-type-options: nosniff
content-encoding: br
age: 2415082
x-jsd-version: 18.2.0
x-cache: HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 44592
x-served-by: cache-fra-eddf8230151-FRA
x-jsd-version-type: version
etag: W/"2032a-UG2RAMqgcABaiQvUlt5kxDfW0Ag"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 single-spa.min.js Show response
cdn.jsdelivr.net/npm/single-spa@5.9.4/lib/system/ 20 KB
7 KB 34ms
13ms Script
application/javascript 2a04:4e42:600::485
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/single-spa@5.9.4/lib/system/single-spa.min.js

Requested by

Host: mf-react-pki-certificate-service.ap1.stg.scalar.zf.com
URL: https://mf-react-pki-certificate-service.ap1.stg.scalar.zf.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:600::485 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

fda24b7112d59c7417df5bd735ebc7c4bf22c68fc6403497f35dd5245ef04371

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://mf-react-pki-certificate-service.ap1.stg.scalar.zf.com/
Origin: https://mf-react-pki-certificate-service.ap1.stg.scalar.zf.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 21 May 2024 01:52:54 GMT
x-content-type-options: nosniff
content-encoding: br
age: 1028344
x-jsd-version: 5.9.4
x-cache: HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 6770
x-served-by: cache-fra-eddf8230151-FRA
x-jsd-version-type: version
etag: W/"5059-2wiyzGMvQ5lqQS+Z7/KQHjyi1Ac"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 system.min.js Show response
cdn.jsdelivr.net/npm/systemjs@6.8.3/dist/ 11 KB
5 KB 29ms
8ms Script
application/javascript 2a04:4e42:600::485
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/systemjs@6.8.3/dist/system.min.js

Requested by

Host: mf-react-pki-certificate-service.ap1.stg.scalar.zf.com
URL: https://mf-react-pki-certificate-service.ap1.stg.scalar.zf.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:600::485 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

faf458dcada028341e6c98a52f71067328fb710a51d0f3acb69df9dbe93619af

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://mf-react-pki-certificate-service.ap1.stg.scalar.zf.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 21 May 2024 01:52:54 GMT
x-content-type-options: nosniff
content-encoding: br
age: 2861055
x-jsd-version: 6.8.3
x-cache: HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 4684
x-served-by: cache-fra-eddf8230135-FRA
x-jsd-version-type: version
etag: W/"2d8f-vNLePrR3zcdZpnqBy/hzJsUTIac"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 rxjs.min.js Show response
cdn.jsdelivr.net/npm/@esm-bundle/rxjs@7.5.6/system/es2015/ 3 KB
1 KB 30ms
10ms Script
application/javascript 2a04:4e42:600::485
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/@esm-bundle/rxjs@7.5.6/system/es2015/rxjs.min.js

Requested by

Host: mf-react-pki-certificate-service.ap1.stg.scalar.zf.com
URL: https://mf-react-pki-certificate-service.ap1.stg.scalar.zf.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:600::485 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

d192aa00fbdb4e8c6cfe3fe8b2e6a8bc7a698c97a573ecd3a46fd61bb700e649

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://mf-react-pki-certificate-service.ap1.stg.scalar.zf.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 21 May 2024 01:52:54 GMT
x-content-type-options: nosniff
content-encoding: br
age: 1550483
x-jsd-version: 7.5.6
x-cache: HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 1316
x-served-by: cache-fra-eddf8230135-FRA
x-jsd-version-type: version
etag: W/"aba-MaEu2eoP0/qi2oATNbBoSWrEgFc"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 dynamic-import-maps.min.js Show response
cdn.jsdelivr.net/npm/systemjs@6.8.3/dist/extras/ 354 B
339 B 31ms
10ms Script
application/javascript 2a04:4e42:600::485
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/systemjs@6.8.3/dist/extras/dynamic-import-maps.min.js

Requested by

Host: mf-react-pki-certificate-service.ap1.stg.scalar.zf.com
URL: https://mf-react-pki-certificate-service.ap1.stg.scalar.zf.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:600::485 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

6b8ec92b367409b8582f1032174e2acd5d22015d7d02a3518a73de6c21567845

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://mf-react-pki-certificate-service.ap1.stg.scalar.zf.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 21 May 2024 01:52:54 GMT
x-content-type-options: nosniff
content-encoding: br
age: 584626
x-jsd-version: 6.8.3
x-cache: HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 259
x-served-by: cache-fra-eddf8230135-FRA
x-jsd-version-type: version
etag: W/"162-7IttC8OHmH3HMUpyWgXWu4SoUgg"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 rxjs-shared.min.js Show response
cdn.jsdelivr.net/npm/@esm-bundle/rxjs@7.5.6/system/es2015/ 56 KB
19 KB 8ms
7ms Script
application/javascript 2a04:4e42:600::485
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/@esm-bundle/rxjs@7.5.6/system/es2015/rxjs-shared.min.js

Requested by

Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/systemjs@6.8.3/dist/system.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:600::485 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

26ce59e48bcb1b23ffdfdf53651a48af724a47d33387995bffef77287c87dd4c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://mf-react-pki-certificate-service.ap1.stg.scalar.zf.com/
Origin: https://mf-react-pki-certificate-service.ap1.stg.scalar.zf.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 21 May 2024 01:52:54 GMT
x-content-type-options: nosniff
content-encoding: br
age: 1184161
x-jsd-version: 7.5.6
x-cache: HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 18851
x-served-by: cache-fra-eddf8230151-FRA
x-jsd-version-type: version
etag: W/"e041-1jJI+n1cXvopoxxWhSiMkIIF+/k"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 odyssey-pki-certificate-service.js Show response
mf-react-pki-certificate-service.ap1.stg.scalar.zf.com/ 3 MB
730 KB 961ms
960ms Script
application/javascript 18.239.36.79
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://mf-react-pki-certificate-service.ap1.stg.scalar.zf.com/odyssey-pki-certificate-service.js

Requested by

Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/systemjs@6.8.3/dist/system.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.239.36.79 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-239-36-79.ams58.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

5bc2a63574e2e9ba0108dab7d2554cd38647a617f9e12a65ef05a316ded02e3c

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .scalar.zf.com .walkme.com .auth0.com; frame-src https: blob: .zf.com; default-src 'self' .jsdelivr.net .cdn.walkme.com .zf.com; img-src 'self' data: blob: https: .walkmeusercontent.com; script-src 'self' https: 'wasm-unsafe-eval' 'unsafe-eval' .jsdelivr.net 'unsafe-inline' .zf.com .walkme.com .mapbox.com; style-src 'self' 'unsafe-inline' *.walkme.com https:; object-src 'none'; font-src 'self' https: data:; connect-src wss: https: data:; worker-src 'self' blob:
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://mf-react-pki-certificate-service.ap1.stg.scalar.zf.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 21 May 2024 01:52:56 GMT
x-amz-version-id: null
content-encoding: br
content-security-policy: frame-ancestors *.scalar.zf.com *.walkme.com *.auth0.com; frame-src https: blob: *.zf.com; default-src 'self' *.jsdelivr.net *.cdn.walkme.com *.zf.com; img-src 'self' data: blob: https: *.walkmeusercontent.com; script-src 'self' https: 'wasm-unsafe-eval' 'unsafe-eval' *.jsdelivr.net 'unsafe-inline' *.zf.com *.walkme.com *.mapbox.com; style-src 'self' 'unsafe-inline' *.walkme.com https:; object-src 'none'; font-src 'self' https: data:; connect-src wss: https: data:; worker-src 'self' blob:
via: 1.1 0df834b214e5d5be3767a579b1941edc.cloudfront.net (CloudFront)
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-amz-cf-pop: AMS58-P2
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 20 May 2024 13:27:47 GMT
server: AmazonS3
etag: W/"dcee13f425b3c458ca83461799714d74"
vary: Accept-Encoding
content-type: application/javascript
cache-control: no-cache
x-amz-cf-id: c6BTIghpQtq5ZsqLS_ssF1SbdfsBRKstxjug3ev7IoipGLovnzXcQg==

GET
H2

200

Primary Request login Show response
auth0.ap1.stg.scalar.zf.com/
Redirect Chain

https://auth0.ap1.stg.scalar.zf.com/authorize?audience=UM&scope=openid%20profile%20email%20offline_access&client_id=1CTnEjvoYRCvTarrzhW0ROO0xWMsTo8I&redirect_uri=https%3A%2F%2Fmf-react-pki-certific...
https://auth0.ap1.stg.scalar.zf.com/login?state=hKFo2SBlVWZNcjNpR3BlNGgzcDdWb2ZhcktnUjlPa2VLWEhMM6FupWxvZ2luo3RpZNkgZzlPWnhIT2tRSnFDT0RJTXJGZEtheWZ1NUIydGlyQVOjY2lk2SAxQ1RuRWp2b1lSQ3ZUYXJyemhXMFJPT...

7 KB
7 KB

355ms
354ms

Document
text/html

2606:4700::6810:a016
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://auth0.ap1.stg.scalar.zf.com/login?state=hKFo2SBlVWZNcjNpR3BlNGgzcDdWb2ZhcktnUjlPa2VLWEhMM6FupWxvZ2luo3RpZNkgZzlPWnhIT2tRSnFDT0RJTXJGZEtheWZ1NUIydGlyQVOjY2lk2SAxQ1RuRWp2b1lSQ3ZUYXJyemhXMFJPTzB4V01zVG84SQ&client=1CTnEjvoYRCvTarrzhW0ROO0xWMsTo8I&protocol=oauth2&audience=UM&scope=openid%20profile%20email%20offline_access&redirect_uri=https%3A%2F%2Fmf-react-pki-certificate-service.ap1.stg.scalar.zf.com%2Fcallback&response_type=code&response_mode=query&nonce=Z292LnRyTjFDSE10eFR1Mk9ET2dodTlNVTliSzlZa0NIaFZRUks3a0VyMQ%3D%3D&code_challenge=p5n2hpMAv65Wr98T3XQtuf3VQwe5Niw6IJ9U2F6kSLY&code_challenge_method=S256&auth0Client=eyJuYW1lIjoiYXV0aDAtcmVhY3QiLCJ2ZXJzaW9uIjoiMS4xMi4xIn0%3D

Requested by

Host: mf-react-pki-certificate-service.ap1.stg.scalar.zf.com
URL: https://mf-react-pki-certificate-service.ap1.stg.scalar.zf.com/odyssey-pki-certificate-service.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:a016 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8b9387527405bcfcdaf9a9a6f06986f9fb1db490dd6bc21900202e6bae1c275c

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none'
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://mf-react-pki-certificate-service.ap1.stg.scalar.zf.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: no-store, max-age=0, no-transform
cf-cache-status: DYNAMIC
cf-ray: 8870ee1abd959974-FRA
content-security-policy: frame-ancestors 'none'
content-type: text/html; charset=utf-8
date: Tue, 21 May 2024 01:52:58 GMT
etag: W/"1b32-BE3j1FAIsb+ormb+RQ1rpxrjqZM"
pragma: no-cache
referrer-policy: same-origin
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
x-auth0-requestid: 54ddc3df5909dae15e71
x-content-type-options: nosniff
x-frame-options: deny
x-ratelimit-limit: 300
x-ratelimit-remaining: 299
x-ratelimit-reset: 1716256379
x-robots-tag: noindex, nofollow
x-xss-protection: 1; mode=block

Redirect headers

alt-svc: h3=":443"; ma=86400
cache-control: no-store, max-age=0, no-transform
cf-cache-status: DYNAMIC
cf-ray: 8870ee183ca59974-FRA
content-length: 1434
content-type: text/html; charset=utf-8
date: Tue, 21 May 2024 01:52:58 GMT
location: /login?state=hKFo2SBlVWZNcjNpR3BlNGgzcDdWb2ZhcktnUjlPa2VLWEhMM6FupWxvZ2luo3RpZNkgZzlPWnhIT2tRSnFDT0RJTXJGZEtheWZ1NUIydGlyQVOjY2lk2SAxQ1RuRWp2b1lSQ3ZUYXJyemhXMFJPTzB4V01zVG84SQ&client=1CTnEjvoYRCvTarrzhW0ROO0xWMsTo8I&protocol=oauth2&audience=UM&scope=openid%20profile%20email%20offline_access&redirect_uri=https%3A%2F%2Fmf-react-pki-certificate-service.ap1.stg.scalar.zf.com%2Fcallback&response_type=code&response_mode=query&nonce=Z292LnRyTjFDSE10eFR1Mk9ET2dodTlNVTliSzlZa0NIaFZRUks3a0VyMQ%3D%3D&code_challenge=p5n2hpMAv65Wr98T3XQtuf3VQwe5Niw6IJ9U2F6kSLY&code_challenge_method=S256&auth0Client=eyJuYW1lIjoiYXV0aDAtcmVhY3QiLCJ2ZXJzaW9uIjoiMS4xMi4xIn0%3D
pragma: no-cache
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept, Accept-Encoding
x-auth0-requestid: e9c5a877eae413c4bd3f
x-content-type-options: nosniff
x-ratelimit-limit: 300
x-ratelimit-remaining: 299
x-ratelimit-reset: 1716256378

GET favicon.ico
mf-react-pki-certificate-service.ap1.stg.scalar.zf.com/ 0
0

GET
H2 200 auth0.min.js Show response
cdn.auth0.com/js/auth0/9.16.0/ 156 KB
42 KB 74ms
23ms Script
application/javascript 2600:9000:2449:e200:10:474e:104a:2961
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.auth0.com/js/auth0/9.16.0/auth0.min.js

Requested by

Host: auth0.ap1.stg.scalar.zf.com
URL: https://auth0.ap1.stg.scalar.zf.com/login?state=hKFo2SBlVWZNcjNpR3BlNGgzcDdWb2ZhcktnUjlPa2VLWEhMM6FupWxvZ2luo3RpZNkgZzlPWnhIT2tRSnFDT0RJTXJGZEtheWZ1NUIydGlyQVOjY2lk2SAxQ1RuRWp2b1lSQ3ZUYXJyemhXMFJPTzB4V01zVG84SQ&client=1CTnEjvoYRCvTarrzhW0ROO0xWMsTo8I&protocol=oauth2&audience=UM&scope=openid%20profile%20email%20offline_access&redirect_uri=https%3A%2F%2Fmf-react-pki-certificate-service.ap1.stg.scalar.zf.com%2Fcallback&response_type=code&response_mode=query&nonce=Z292LnRyTjFDSE10eFR1Mk9ET2dodTlNVTliSzlZa0NIaFZRUks3a0VyMQ%3D%3D&code_challenge=p5n2hpMAv65Wr98T3XQtuf3VQwe5Niw6IJ9U2F6kSLY&code_challenge_method=S256&auth0Client=eyJuYW1lIjoiYXV0aDAtcmVhY3QiLCJ2ZXJzaW9uIjoiMS4xMi4xIn0%3D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2449:e200:10:474e:104a:2961 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

4e56db6fc2b439569b5553a77f54c661b438d1fc486f9dd4c4047850d5593e6e

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-amz-version-id: qfhNjJUa0y8gOFCVics9gyiaHX4J3oLN
content-encoding: gzip
via: 1.1 435254ceec69c136096ca9b455fd3534.cloudfront.net (CloudFront)
date: Mon, 20 May 2024 12:05:00 GMT
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains
x-amz-cf-pop: AMS58-P6
age: 49678
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Tue, 27 Apr 2021 09:33:51 GMT
server: AmazonS3
etag: W/"7eba16d3612e926b8bfbfa470049b345"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=2628000,public
x-robots-tag: noindex
x-amz-cf-id: 4hxE4TGb-6mbaCY5qzoZJgX4xOnE1WLGjT4BQ2a7FD5O2woLkyLUFQ==

GET
H2 200 object-assign.min.js Show response
cdn.auth0.com/js/polyfills/1.0/ 278 B
804 B 64ms
13ms Script
application/javascript 2600:9000:2449:e200:10:474e:104a:2961
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.auth0.com/js/polyfills/1.0/object-assign.min.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2449:e200:10:474e:104a:2961 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

2e3281ce824bc83f86243254926e320d7a51fd34e310d76f38ddf5ca4430bcd8

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-amz-version-id: QnBigF9q9VrtNR8TU_yhfoN9BlecmQ2x
date: Mon, 20 May 2024 22:53:24 GMT
via: 1.1 435254ceec69c136096ca9b455fd3534.cloudfront.net (CloudFront)
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains
x-amz-cf-pop: AMS58-P6
age: 10775
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-length: 278
last-modified: Thu, 08 Jun 2017 20:30:02 GMT
server: AmazonS3
etag: "4dfaafaab07b1c6c2314bfe79a1baa81"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=10800,public
accept-ranges: bytes
x-robots-tag: noindex
x-amz-cf-id: z-M0Uwj6xj2BHOtHrTvhMZM4a6HLAkjsxEg-f5-7KQlEFRHSFicSOg==

GET
H2 200 / Show response
app-react-login.ap1.stg.scalar.zf.com/ Frame 4407 4 KB
2 KB 180ms
129ms Document
text/html 18.238.243.28
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://app-react-login.ap1.stg.scalar.zf.com/

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.238.243.28 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-238-243-28.ams58.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

a7b241b7f4114917c0813b72e26762e94c09c2a61c5f5a0b0891692ae389a656

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .scalar.zf.com .walkme.com .auth0.com; frame-src https: blob: .zf.com; default-src 'self' .jsdelivr.net .cdn.walkme.com .zf.com; img-src 'self' data: blob: https: .walkmeusercontent.com; script-src 'self' https: 'wasm-unsafe-eval' 'unsafe-eval' .jsdelivr.net 'unsafe-inline' .zf.com .walkme.com .mapbox.com; style-src 'self' 'unsafe-inline' *.walkme.com https:; object-src 'none'; font-src 'self' https: data:; connect-src wss: https: data:; worker-src 'self' blob:
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

age: 33277
cache-control: no-cache
content-encoding: gzip
content-security-policy: frame-ancestors *.scalar.zf.com *.walkme.com *.auth0.com; frame-src https: blob: *.zf.com; default-src 'self' *.jsdelivr.net *.cdn.walkme.com *.zf.com; img-src 'self' data: blob: https: *.walkmeusercontent.com; script-src 'self' https: 'wasm-unsafe-eval' 'unsafe-eval' *.jsdelivr.net 'unsafe-inline' *.zf.com *.walkme.com *.mapbox.com; style-src 'self' 'unsafe-inline' *.walkme.com https:; object-src 'none'; font-src 'self' https: data:; connect-src wss: https: data:; worker-src 'self' blob:
content-type: text/html
date: Mon, 20 May 2024 16:38:22 GMT
etag: W/"1a15da205013291ab0e3dcbd2e3ee698"
last-modified: Mon, 20 May 2024 10:28:11 GMT
referrer-policy: strict-origin-when-cross-origin
server: AmazonS3
strict-transport-security: max-age=63072000; includeSubDomains; preload
vary: Accept-Encoding
via: 1.1 432282689bafd802e8ec9636c256a3b0.cloudfront.net (CloudFront)
x-amz-cf-id: BNNAXifJ861mTk_Tj2aA27ecvRph5xjQvo83XGewWmTFCo1IJBYOiA==
x-amz-cf-pop: AMS58-P1
x-amz-server-side-encryption: AES256
x-amz-version-id: null
x-cache: Hit from cloudfront
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H2 200 runtime.min.js Show response
cdn.jsdelivr.net/npm/regenerator-runtime@0.13.9/ Frame 4407 7 KB
0 0ms
0ms Script
application/javascript 2a04:4e42:600::485
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/regenerator-runtime@0.13.9/runtime.min.js

Requested by

Host: app-react-login.ap1.stg.scalar.zf.com
URL: https://app-react-login.ap1.stg.scalar.zf.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:600::485 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

77d19549a305065ee52b2d568eba337536662830e5dd139a3968e2d0bc52c744

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://app-react-login.ap1.stg.scalar.zf.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 21 May 2024 01:52:54 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1114652
x-jsd-version: 0.13.9
x-cache: HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 2754
x-served-by: cache-fra-eddf8230135-FRA
x-jsd-version-type: version
etag: W/"1ae4-Na/OzxhfKa/jJwFIAaPghVpVc6A"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 react.production.min.js Show response
cdn.jsdelivr.net/npm/react@18.2.0/umd/ Frame 4407 10 KB
0 1ms
1ms Script
application/javascript 2a04:4e42:600::485
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/react@18.2.0/umd/react.production.min.js

Requested by

Host: app-react-login.ap1.stg.scalar.zf.com
URL: https://app-react-login.ap1.stg.scalar.zf.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:600::485 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

4b4969fa4ef3594324da2c6d78ce8766fbbc2fd121fff395aedf997db0a99a06

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://app-react-login.ap1.stg.scalar.zf.com/
Origin: https://app-react-login.ap1.stg.scalar.zf.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 21 May 2024 01:52:54 GMT
content-encoding: br
x-content-type-options: nosniff
age: 2415082
x-jsd-version: 18.2.0
x-cache: HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 4465
x-served-by: cache-fra-eddf8230151-FRA
x-jsd-version-type: version
etag: W/"29f1-mAiaM9DPL6Sz4bqbfuubi6Csgqc"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 react-dom.production.min.js Show response
cdn.jsdelivr.net/npm/react-dom@18.2.0/umd/ Frame 4407 129 KB
0 2ms
2ms Script
application/javascript 2a04:4e42:600::485
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/react-dom@18.2.0/umd/react-dom.production.min.js

Requested by

Host: app-react-login.ap1.stg.scalar.zf.com
URL: https://app-react-login.ap1.stg.scalar.zf.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:600::485 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

21758ed084cd0e37e735722ee4f3957ea960628a29dfa6c3ce1a1d47a2d6e4f7

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://app-react-login.ap1.stg.scalar.zf.com/
Origin: https://app-react-login.ap1.stg.scalar.zf.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 21 May 2024 01:52:54 GMT
content-encoding: br
x-content-type-options: nosniff
age: 2415082
x-jsd-version: 18.2.0
x-cache: HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 44592
x-served-by: cache-fra-eddf8230151-FRA
x-jsd-version-type: version
etag: W/"2032a-UG2RAMqgcABaiQvUlt5kxDfW0Ag"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 single-spa.min.js Show response
cdn.jsdelivr.net/npm/single-spa@5.9.4/lib/system/ Frame 4407 20 KB
0 3ms
3ms Script
application/javascript 2a04:4e42:600::485
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/single-spa@5.9.4/lib/system/single-spa.min.js

Requested by

Host: app-react-login.ap1.stg.scalar.zf.com
URL: https://app-react-login.ap1.stg.scalar.zf.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:600::485 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

fda24b7112d59c7417df5bd735ebc7c4bf22c68fc6403497f35dd5245ef04371

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://app-react-login.ap1.stg.scalar.zf.com/
Origin: https://app-react-login.ap1.stg.scalar.zf.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 21 May 2024 01:52:54 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1028344
x-jsd-version: 5.9.4
x-cache: HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 6770
x-served-by: cache-fra-eddf8230151-FRA
x-jsd-version-type: version
etag: W/"5059-2wiyzGMvQ5lqQS+Z7/KQHjyi1Ac"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 system.min.js Show response
cdn.jsdelivr.net/npm/systemjs@6.8.3/dist/ Frame 4407 11 KB
0 3ms
3ms Script
application/javascript 2a04:4e42:600::485
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/systemjs@6.8.3/dist/system.min.js

Requested by

Host: app-react-login.ap1.stg.scalar.zf.com
URL: https://app-react-login.ap1.stg.scalar.zf.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:600::485 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

faf458dcada028341e6c98a52f71067328fb710a51d0f3acb69df9dbe93619af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://app-react-login.ap1.stg.scalar.zf.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 21 May 2024 01:52:54 GMT
content-encoding: br
x-content-type-options: nosniff
age: 2861055
x-jsd-version: 6.8.3
x-cache: HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 4684
x-served-by: cache-fra-eddf8230135-FRA
x-jsd-version-type: version
etag: W/"2d8f-vNLePrR3zcdZpnqBy/hzJsUTIac"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 rxjs.min.js Show response
cdn.jsdelivr.net/npm/@esm-bundle/rxjs@7.5.6/system/es2015/ Frame 4407 3 KB
0 4ms
4ms Script
application/javascript 2a04:4e42:600::485
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/@esm-bundle/rxjs@7.5.6/system/es2015/rxjs.min.js

Requested by

Host: app-react-login.ap1.stg.scalar.zf.com
URL: https://app-react-login.ap1.stg.scalar.zf.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:600::485 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

d192aa00fbdb4e8c6cfe3fe8b2e6a8bc7a698c97a573ecd3a46fd61bb700e649

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://app-react-login.ap1.stg.scalar.zf.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 21 May 2024 01:52:54 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1550483
x-jsd-version: 7.5.6
x-cache: HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 1316
x-served-by: cache-fra-eddf8230135-FRA
x-jsd-version-type: version
etag: W/"aba-MaEu2eoP0/qi2oATNbBoSWrEgFc"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 dynamic-import-maps.min.js Show response
cdn.jsdelivr.net/npm/systemjs@6.8.3/dist/extras/ Frame 4407 354 B
0 5ms
5ms Script
application/javascript 2a04:4e42:600::485
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/systemjs@6.8.3/dist/extras/dynamic-import-maps.min.js

Requested by

Host: app-react-login.ap1.stg.scalar.zf.com
URL: https://app-react-login.ap1.stg.scalar.zf.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:600::485 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

6b8ec92b367409b8582f1032174e2acd5d22015d7d02a3518a73de6c21567845

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://app-react-login.ap1.stg.scalar.zf.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 21 May 2024 01:52:54 GMT
content-encoding: br
x-content-type-options: nosniff
age: 584626
x-jsd-version: 6.8.3
x-cache: HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 259
x-served-by: cache-fra-eddf8230135-FRA
x-jsd-version-type: version
etag: W/"162-7IttC8OHmH3HMUpyWgXWu4SoUgg"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 rxjs-shared.min.js Show response
cdn.jsdelivr.net/npm/@esm-bundle/rxjs@7.5.6/system/es2015/ Frame 4407 56 KB
0 0ms
0ms Script
application/javascript 2a04:4e42:600::485
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/@esm-bundle/rxjs@7.5.6/system/es2015/rxjs-shared.min.js

Requested by

Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/systemjs@6.8.3/dist/system.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:600::485 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

26ce59e48bcb1b23ffdfdf53651a48af724a47d33387995bffef77287c87dd4c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://app-react-login.ap1.stg.scalar.zf.com/
Origin: https://app-react-login.ap1.stg.scalar.zf.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 21 May 2024 01:52:54 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1184161
x-jsd-version: 7.5.6
x-cache: HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 18851
x-served-by: cache-fra-eddf8230151-FRA
x-jsd-version-type: version
etag: W/"e041-1jJI+n1cXvopoxxWhSiMkIIF+/k"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges: bytes
timing-allow-origin: *

GET odyssey-login.js
app-react-login.ap1.stg.scalar.zf.com/ Frame 4407 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: mf-react-pki-certificate-service.ap1.stg.scalar.zf.com
URL: https://mf-react-pki-certificate-service.ap1.stg.scalar.zf.com/favicon.ico

Domain: app-react-login.ap1.stg.scalar.zf.com
URL: https://app-react-login.ap1.stg.scalar.zf.com/odyssey-login.js

Verdicts & Comments Add Verdict or Comment

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| auth0

5 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
auth0.ap1.stg.scalar.zf.com/usernamepassword/login	1970-01-20 20:58:40	Name: _csrf Value: kOeNi9bh5V3KaGzHWcOcQShL
auth0.ap1.stg.scalar.zf.com/	1970-01-21 05:30:13	Name: did Value: s%3Av0%3Ad8f22f70-1714-11ef-a9a0-917852af8208.Y21NCrkndSJ1h2nqhsAvaRsqec2Y6AlESs%2BmaQtBVA8
auth0.ap1.stg.scalar.zf.com/	1970-01-20 20:48:35	Name: auth0 Value: s%3Av1.gadzZXNzaW9ugqZoYW5kbGXEQDx9icpvPHkOz14ODvTC7M8lz5KW6fOVZZzKVYeLetMan1JZXZPoBvzAYB6R49bG7aLUbyvQZwlusd_yRzGvHTOmY29va2llg6dleHBpcmVz1__SSQIAZk_y-a5vcmlnaW5hbE1heEFnZc4PcxQAqHNhbWVTaXRlpG5vbmU.1WVUSkhViAuCkCH8P176h0TNEiqrcmVcc2hzb%2Bm6Z80
auth0.ap1.stg.scalar.zf.com/	1970-01-21 05:30:13	Name: did_compat Value: s%3Av0%3Ad8f22f70-1714-11ef-a9a0-917852af8208.Y21NCrkndSJ1h2nqhsAvaRsqec2Y6AlESs%2BmaQtBVA8
auth0.ap1.stg.scalar.zf.com/	1970-01-20 20:48:35	Name: auth0_compat Value: s%3Av1.gadzZXNzaW9ugqZoYW5kbGXEQDx9icpvPHkOz14ODvTC7M8lz5KW6fOVZZzKVYeLetMan1JZXZPoBvzAYB6R49bG7aLUbyvQZwlusd_yRzGvHTOmY29va2llg6dleHBpcmVz1__SSQIAZk_y-a5vcmlnaW5hbE1heEFnZc4PcxQAqHNhbWVTaXRlpG5vbmU.1WVUSkhViAuCkCH8P176h0TNEiqrcmVcc2hzb%2Bm6Z80

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	frame-ancestors .scalar.zf.com .walkme.com .auth0.com; frame-src https: blob: .zf.com; default-src 'self' .jsdelivr.net .cdn.walkme.com .zf.com; img-src 'self' data: blob: https: .walkmeusercontent.com; script-src 'self' https: 'wasm-unsafe-eval' 'unsafe-eval' .jsdelivr.net 'unsafe-inline' .zf.com .walkme.com .mapbox.com; style-src 'self' 'unsafe-inline' *.walkme.com https:; object-src 'none'; font-src 'self' https: data:; connect-src wss: https: data:; worker-src 'self' blob:
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

app-react-login.ap1.stg.scalar.zf.com
auth0.ap1.stg.scalar.zf.com
cdn.auth0.com
cdn.jsdelivr.net
mf-react-pki-certificate-service.ap1.stg.scalar.zf.com
app-react-login.ap1.stg.scalar.zf.com
mf-react-pki-certificate-service.ap1.stg.scalar.zf.com
18.238.243.28
18.239.36.79
2600:9000:2449:e200:10:474e:104a:2961
2606:4700::6810:a016
2a04:4e42:600::485
21758ed084cd0e37e735722ee4f3957ea960628a29dfa6c3ce1a1d47a2d6e4f7
26ce59e48bcb1b23ffdfdf53651a48af724a47d33387995bffef77287c87dd4c
2e3281ce824bc83f86243254926e320d7a51fd34e310d76f38ddf5ca4430bcd8
4b4969fa4ef3594324da2c6d78ce8766fbbc2fd121fff395aedf997db0a99a06
4e56db6fc2b439569b5553a77f54c661b438d1fc486f9dd4c4047850d5593e6e
5bc2a63574e2e9ba0108dab7d2554cd38647a617f9e12a65ef05a316ded02e3c
6b8ec92b367409b8582f1032174e2acd5d22015d7d02a3518a73de6c21567845
74ad1cc7a810b6e2dcbcd201215251ef2dd57a7ab8bc95c1f108bbae608ed521
77d19549a305065ee52b2d568eba337536662830e5dd139a3968e2d0bc52c744
8b9387527405bcfcdaf9a9a6f06986f9fb1db490dd6bc21900202e6bae1c275c
a7b241b7f4114917c0813b72e26762e94c09c2a61c5f5a0b0891692ae389a656
d192aa00fbdb4e8c6cfe3fe8b2e6a8bc7a698c97a573ecd3a46fd61bb700e649
faf458dcada028341e6c98a52f71067328fb710a51d0f3acb69df9dbe93619af
fda24b7112d59c7417df5bd735ebc7c4bf22c68fc6403497f35dd5245ef04371

auth0.ap1.stg.scalar.zf.com Open in urlscan Pro 2606:4700::6810:a016 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

24 Requests

92 %HTTPS

60 %IPv6

3 Domains

5 Subdomains

6 IPs

1 Countries

868 kBTransfer

3529 kBSize

5 Cookies

0 Outgoing links

Page URL History

Redirected requests

24 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

2 JavaScript Global Variables

5 Cookies

Security Headers

Indicators

auth0.ap1.stg.scalar.zf.com Open in urlscan Pro
2606:4700::6810:a016 Public Scan

Screenshot
Live screenshot

Full Image

24
Requests

92 %
HTTPS

60 %
IPv6

3
Domains

5
Subdomains

6
IPs

1
Countries

868 kB
Transfer

3529 kB
Size

5
Cookies

24 HTTP transactions
0 data transactions